The new law will come into force on 25 May, and is an amendment to the EU's Privacy and Electronic Communications Directive. It will require UK businesses and other organisations to obtain consent from visitors to their websites in order to store and retrieve information from users' computers.
A cookie is a small file that a website puts on a user's computer so that it can remember something, for example the user's preferences or log-in details at a later time.
Information Commissioner Christopher Graham said the introduction of the new law would be a "challenge", but added that it will "have positive benefits as it will give people more choice and control over what information businesses and other organisations can store on and access from consumers' own computers".
Graham said that businesses running websites in the UK "must wake up to the fact that this is happening".
"We are proactively working with the government, businesses and the public sector to find a workable solution."
The Department for Culture, Media and Sport is leading on implementing the new measures in the UK, while the ICO will be responsible for regulation.
Minister for Culture, Communications and the Creative Industries, Ed Vaizey, has acknowledged it was unlikely industry would find a workable system to comply with the Directive by 25 May.